[Dshield] Time stamp accuracy

Jon R. Kibler Jon.Kibler at aset.com
Thu Oct 7 16:00:25 GMT 2004

Alan Frayer wrote:
> On Wed, 2004-10-06 at 21:17, Johannes B. Ullrich wrote:
> > > Unfortunately, Netopia did not provide for automatic time sync in their
> > > routers, nor do they allow time to be set to the second, so time is
> > > likely to be an issue for me all of the time (I make adjustments as
> > > needed whenever I get inside the network, but that isn't very
> > > frequently).
> >
> > doesn't sound like a very good router/fw :-/.
> I agree. Like so much technology these days, the guys using the stuff
> aren't the guys who bought it. But at least it has firewall and
> reporting capabilities!

Two thoughts on this issue:
   1) Does your router support SNTP? I had some 800 series Cisco boxes that I was swearing at because they did not support NTP, but found that they support SNTP -- a protocol with which I was not familiar with prior to that issue. (Basically, SNTP relies on a single NTP server on a local network to provide accurate time feeds.)
   2) Can your router log to syslog? If it can, set up a *nix box with an accurate clock, log to syslog, and your time stamps should be accurate +/- a second or so. Yes, you will have to reformat your logs for DShield, but at least that is a one-time problem.

